CVE-2021-26887

Published Mar 11, 2021

Last updated a year ago

Overview

Description: An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder. To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data. This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the FAQ section of this CVE for configuration guidance.
Source: secure@microsoft.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-59

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References